Simple Windows XP Corrupt Registry Recovery
23 May
Registry corruptions don’t always require a wipe and reinstall. You can often get the registry ‘back’ using a backed-up copy. Microsoft published a procedure for doing this way back in knowledge base article KB307545. The trouble with this procedure is that it is very tedious: it uses the Windows XP recovery mode (basically a DOS prompt) and tricks to get into the System Volume Information directory.
Instead, using the fantastic System Rescue CD, you can quickly restore a backup copy of the registry.
Here is the modified procedure we use for registry recovery:
- Burn SysResCD to a CD (or USB Flash drive – see the website for instructions)
- Boot the system using the SysResCD CD or Flash Drive
- Find the main Windows partition:
> fdisk /dev/sda
Hit ‘p’ to print the partition table. Look for the largest Windows/NTFS partition, going by the blocks column (we’ll say it’s sda2).
Hit ‘q’ to quit fdisk.
- Mount the Windows partition using ntfs-3g:
> ntfs-3g /dev/sda2 /mnt/windows
Replace sda2 with whichever partition fdisk listed as your main Windows partition.
- cd /mnt/windows/Windows/System32/config
This is case sensitive and varies – so try typing a few letters and hitting Tab to auto complete. Or list the directory with the ‘ls’ command to see the proper case. It is usually WINDOWS/System32
- You are now in the registry directory. Rename the five main registry hives, using a command like this:
>mv SAM SAM.bak
Again, SAM may be upper case or lower case. Check. Back up DEFAULT, SECURITY, SOFTWARE, SYSTEM, and SAM, and make a note of whether the filenames were upper case or lower case.
- Now cd "/mnt/windows/System Volume Information" (quote the path, since it contains spaces) and follow the knowledge base instructions for finding a recent restore folder for the registry hives:
* This folder contains one or more _restore{GUID} folders such as “_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}”.
* Open a folder that was not created at the current time (if there is more than one). Use > ls -lart to see the timestamps on the directories. Pick the 2nd most recent one unless the most recent one shows a timestamp other than when you last tried to boot Windows.
* Use auto complete to get into the right folder. Type > cd _restore{ and then a couple of the characters of the recovery directory you need and hit Tab. It should auto complete. Hit enter.
- Inside this directory will be a number of RP directories. Again, use > ls -lart to find a recent one to restore from that isn’t from when you booted and failed because of the corruption. Get into the snapshot directory (we’ll use RP1 in this example):
>cd RP1/Snapshot
- Now copy the backup registry files directly into the registry directory:
>cp _REGISTRY_USER_.DEFAULT /mnt/windows/Windows/System32/config/DEFAULT
>cp _REGISTRY_MACHINE_SECURITY /mnt/windows/Windows/System32/config/SECURITY
>cp _REGISTRY_MACHINE_SOFTWARE /mnt/windows/Windows/System32/config/SOFTWARE
>cp _REGISTRY_MACHINE_SYSTEM /mnt/windows/Windows/System32/config/SYSTEM
>cp _REGISTRY_MACHINE_SAM /mnt/windows/Windows/System32/config/SAM
NOTE: Remember the directory path is case sensitive – so use the Tab key to get out to config or copy what you used in Step 5. Then when you copy, use upper case or lower case as necessary for the registry hive files (default, security, software, system, and sam) to match the case observed in Step 6. I don’t believe this is 100% necessary, but it can’t hurt.
- At this point you’ve put the backup registry info into the right place. Restart the computer:
> shutdown -r now
- When the system restarts and you get the blue System Rescue CD boot screen, select ‘Boot From First Hard Drive’ and you will hopefully boot back into Windows XP with a fixed registry.
If you aren’t familiar with Linux and/or System Rescue CD, it can be a bit tricky due to the case-sensitive nature of the shell. But once you get the hang of it (and hitting Tab to auto complete helps a lot), this procedure is MUCH faster than trying to use the Windows XP recovery mode to get into System Volume Information.
As always when messing with system files – make backup copies just in case (Step 6).
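The rename and copy steps above, combined into one script as an added example (not part of the original post; the function names are hypothetical). It goes a little beyond the manual steps: before changing anything it checks that every snapshot file starts with the `regf` hive signature, matches the live hive names regardless of case, and refuses to overwrite a .bak left by an earlier attempt.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Usage: restore_hives CONFIG_DIR SNAPSHOT_DIR

# Print the file in directory $1 whose name equals $2 when case is ignored.
find_ci() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        b=${f##*/}
        if [ "$(printf '%s' "$b" | tr '[:lower:]' '[:upper:]')" = "$2" ]; then
            printf '%s\n' "$b"
            return 0
        fi
    done
    return 1
}

# Snapshot file name for a hive; DEFAULT is stored under the USER prefix.
snap_name() {
    case $1 in
        DEFAULT) echo "_REGISTRY_USER_.DEFAULT" ;;
        *)       echo "_REGISTRY_MACHINE_$1" ;;
    esac
}

restore_hives() {
    config=$1; snap=$2
    hives="DEFAULT SECURITY SOFTWARE SYSTEM SAM"
    # Pass 1: validate everything before any live hive is touched.
    for h in $hives; do
        src="$snap/$(snap_name "$h")"
        # Registry hive files begin with the 4-byte signature "regf".
        [ "$(head -c 4 "$src" 2>/dev/null)" = "regf" ] ||
            { echo "not a registry hive: $src" >&2; return 1; }
        live=$(find_ci "$config" "$h") ||
            { echo "live hive not found: $h" >&2; return 1; }
        # Never overwrite a backup left by an earlier attempt.
        [ ! -e "$config/$live.bak" ] ||
            { echo "backup already exists: $live.bak" >&2; return 1; }
    done
    # Pass 2: keep the old hive as NAME.bak, copy the snapshot in under the same-case name.
    for h in $hives; do
        live=$(find_ci "$config" "$h")
        mv "$config/$live" "$config/$live.bak" &&
            cp "$snap/$(snap_name "$h")" "$config/$live" || return 1
    done
}
```

Call it with the config directory and the chosen RP snapshot directory as the two arguments, quoting the second one because System Volume Information contains spaces.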
One Response for "Simple Windows XP Corrupt Registry Recovery"
[…] now what? Maybe a registry restore? I’ve used that technique a number of times. Sure enough – some searching and I found another IT shop that had done that very […]